Cody Brocious, a Mozilla dev and security researcher, presented a paper on a vulnerability in hotel door locks last month at Black Hat. Many electronic hotel door locks made by Onity have a small DC power port on their underside that also carries data. Brocious showed that if he plugs an Arduino into these locks, reads out the 24-bit number stored there, and re-transmits it to them, some appreciable fraction of them (but not all of them) spring open.
Testing a standard Onity lock he ordered online, he’s able to easily bypass the card reader and trigger the opening mechanism every time. But on three Onity locks installed on real hotel doors he and I tested at well-known independent and franchise hotels in New York, results were much more mixed: Only one of the three opened, and even that one only worked on the second try, with Brocious taking a break to tweak his software between tests.
Even with an unreliable method, however, Brocious’s work–and his ability to open one out of the three doors we tested without a key–suggests real flaws in Onity’s security architecture. And Brocious says he plans to release all his research in a paper as well as source code through his website following his talk, potentially enabling others to perfect his methods.
Brocious’s exploit works by spoofing a portable programming device that hotel staff use to control a facility’s locks and set which master keys open which doors. The portable programmer, which plugs into the DC port under the locks, can also open any door, even providing power through that port to trigger the mechanism of a door lock in which the battery has run out.
Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks